Plugin: Ultimate Bootstrap Elements for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Exclusive Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.6.9.1
Recommended Action: Update to version 2.6.9.1, or a newer patched version
Plugin: WP Social Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Patched Version: 2.2.6
Recommended Action: Update to version 2.2.6, or a newer patched version
Plugin: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 1.12.7
Recommended Action: Update to version 1.12.7, or a newer patched version
Plugin: WPvivid Backup for MainWP
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 0.9.33
Recommended Action: Update to version 0.9.33, or a newer patched version
Plugin: Booking for Appointments and Events Calendar – Amelia
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.0.99
Recommended Action: Update to version 1.0.99, or a newer patched version
Plugin: Nextend Social Login and Register
Vulnerability: Reflected Self-Based Cross-Site Scripting via error_description
Patched Version: 3.1.13
Recommended Action: Update to version 3.1.13, or a newer patched version
Plugin: NextMove Lite – Thank You Page for WooCommerce
Vulnerability: Missing Authorization to Unauthenticated System Information Disclosure
Patched Version: 2.18.1
Recommended Action: Update to version 2.18.1, or a newer patched version
Plugin: Calculated Fields Form
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 5.1.57
Recommended Action: Update to version 5.1.57, or a newer patched version
Plugin: Wp Social Login and Register Social Counter
Vulnerability: Missing Authorization to Unauthenticated Social Login/Share Status Update
Patched Version: 3.0.1
Recommended Action: Update to version 3.0.1, or a newer patched version
Plugin: Migration, Backup, Staging – WPvivid
Vulnerability: Missing Authorization
Patched Version: 0.9.69
Recommended Action: Update to version 0.9.69, or a newer patched version
Plugin: AI Engine
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version
Plugin: Download Manager
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.2.86
Recommended Action: Update to version 3.2.86, or a newer patched version
Plugin: Master Slider – Responsive Touch Slider
Vulnerability: Responsive Touch Slider <= 3.9.5
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 45.7.0
Recommended Action: Update to version 45.7.0, or a newer patched version
Plugin: Events Manager – Calendar, Bookings, Tickets, and more!
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Patched Version: 6.4.7
Recommended Action: Update to version 6.4.7, or a newer patched version
Plugin: GenerateBlocks
Vulnerability: Sensitive Information Exposure
Patched Version: 1.8.3
Recommended Action: Update to version 1.8.3, or a newer patched version
Plugin: WP Show Posts
Vulnerability: Information Exposure
Patched Version: 1.1.5
Recommended Action: Update to version 1.1.5, or a newer patched version
Plugin: Advanced iFrame
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2024.2
Recommended Action: Update to version 2024.2, or a newer patched version
Plugin: Exclusive Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
Patched Version: 2.6.9.1
Recommended Action: Update to version 2.6.9.1, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Cross-Site Request Forgery to Data Request Deletion
Patched Version: 7.0.0
Recommended Action: Update to version 7.0.0, or a newer patched version
Plugin: Premium Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets
Patched Version: 4.10.22
Recommended Action: Update to version 4.10.22, or a newer patched version
Plugin: Friends
Vulnerability: Authenticated (Admin+) Blind Server-Side Request Forgery
Patched Version: 2.8.6
Recommended Action: Update to version 2.8.6, or a newer patched version
Plugin: Download Manager
Vulnerability: Missing Authorization
Patched Version: 3.2.85
Recommended Action: Update to version 3.2.85, or a newer patched version
Plugin: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.5.2
Recommended Action: Update to version 4.5.2, or a newer patched version
Plugin: Restaurant Solutions – Checklist
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Beaver Builder – WordPress Page Builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Audio Widget
Patched Version: 2.7.4.3
Recommended Action: Update to version 2.7.4.3, or a newer patched version
Plugin: Master Slider – Responsive Touch Slider
Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting via slider callback
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Master Slider – Responsive Touch Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Marketing Optimizer
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.2.24
Recommended Action: Update to version 3.2.24, or a newer patched version
Plugin: Slider Responsive Slideshow – Image slider, Gallery slideshow
Vulnerability: Authenticated (Contributor+) PHP Object Injection
Patched Version: 1.4.0
Recommended Action: Update to version 1.4.0, or a newer patched version
Plugin: Exclusive Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget
Patched Version: 2.6.9.1
Recommended Action: Update to version 2.6.9.1, or a newer patched version
Plugin: Custom Field Suite
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.6.5
Recommended Action: Update to version 2.6.5, or a newer patched version
Plugin: Ultimate Bootstrap Elements for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Migration, Backup, Staging – WPvivid
Vulnerability: Unauthenticated SQL Injection
Patched Version: 0.9.69
Recommended Action: Update to version 0.9.69, or a newer patched version
Plugin: AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 7.3.15
Recommended Action: Update to version 7.3.15, or a newer patched version
Plugin: Exclusive Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
Patched Version: 2.6.9.1
Recommended Action: Update to version 2.6.9.1, or a newer patched version